Chain of Attack

How Your Facebook Can Lead To A Ransomware Attack

I talk a lot about social media, cookies, and data mining. It’s not just here on Tech Talk either. My friends and family’s eyes glaze over when I start waxing poetic on always modifying cookie settings or locking down your Facebook profile.

But I also believe that you have to understand something that plays such a huge part in your life. Saying, “get rid of all your social media,” just isn’t an option for a lot of people. So how can your Facebook lead to your actual job having to pay after a ransomware attack? Let me tell you a story.

Once Upon A Time…

Once there was a an employee who was quite proud of her job. She had it listed on all her social media channels. She should be proud too, she worked hard to climb the ladder at her company. This employee also loved talking about her place of employment.

Along came a cybercriminal. Since the employee had her Facebook public, he was able to see where she worked. Getting her data was easy enough. Not only did she overshare online, but all of the accepted cookies and social trail she left gave a pretty comprehensive history.

This particular brand of cybercriminal operated mostly through phishing emails. With a little clicking, he was able to find someone in the company with less tech experience than the employee. He fired off his phishing email and waited.

That co-worker opened the email attachment not realizing what it was (education is important!) Luckily, the company deployed a comprehensive allow-list based antivirus on all company machines and the tricky trojan that would have been released was caught and blocked.

Our cybercriminal was thwarted. Except, he wasn’t.

See, the cybercriminal didn’t just find information on the employee’s co-workers, but also on her friends listed on her social media account. He sent phishing emails across the networks of those people too. And one of the companies he targeted didn’t have a comprehensive security plan. They were hit. It cost them $250,000. There was no way for them to track how they’d been targeted since their ability to trace it back never connected to the employee who didn’t work there.

A Lesson Learned

Didn’t see that ending coming, did you? That little twist ending may have been dramatic, but it’s completely plausible. Cybercriminals not only have access to all of your social information, but they can tap into your friends as well.

A sum of $250,000 could shutter the doors on a small business. It’s even scarier to know that small businesses are being attacked more and more as ransomware ramps up. Social media isn’t completely avoidable, but it can be safer.

The entire story is fiction, by the way. No actual companies were harmed in the telling of this story. It is, however, a situation that I’m sure has happened and will happen again. As we surge forward in the war on ransomware, remember that it’s all our responsibility to keep each other safe.

Remember to think before you share, and, as always, stay safe out there.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles